Detect Phishing: 101

“91% of cyber-attacks start with a phishing email.”

– Digitalguardian.com

Major data breaches, such as the infamous cyber-attack on Target, began with a phishing attack. Recently, an unknown hedge fund was attacked, resulting in millions of dollars lost when cybercriminals illicitly siphoned funds via unauthorized wire transfers (Bloomberg). It’s no secret, detection of phishing attempts should be on the top of everyone’s list everywhere. Why? Because phishing starts with the one thing you can’t control – the human.

According to a study by an industry leading security awareness training company, 76% of organizations are still targeted by phishing attacks and only 65% of the surveyed respondents even knew what a phishing attack was (Tripwire).

1. Recognize your business is a target.

Whether you are a small business or a large hedge fund or private equity firm, attackers see your organization as an opportunity. Successful phishing attacks are usually the result of temporary lapses in situational awareness.

2. Who is the email coming from and are they who they appear to be?

Attackers create fake email accounts that appear to be from someone you know and trust. Glancing at the sender name does not work today You must look at the email address completely. For example, Smith@company.com looks familiar to 0wen.Smith@company.com. The difference is one character, changed from a letter to a number. That character could spell the difference between you sending sensitive hedge fund information to a trusted partner or a cyber attacker. An important factoid to remember is that emails appear differently on your desktop than on your smartphone. Ensure that you reveal the sender’s address when using any device, before acting.

Look for C.L.A.D. (Credentials, Links, Attachments, Data)

3. Credentials

Remember your attackers seek to steal your login credentials, by any means necessary. Stealing your credentials means they can read your emails, reset your passwords, steal your banking information, and access sensitive hedge fund information. There are many high-end solutions to protect you from these malicious techniques, including one of the most well-known – multifactor authentication. You can find more information about these services offered by Agio within Office 365 Email + Enterprise Mobility.

4. Links

Attackers embed malicious links within their phishing emails, which they’re able to conceal. It’s best-practice to hoverover the link to see what the actual site is. Be wary of clicking on any links within an email, especially if they ask for your credentials!

5. Attachments

Criminals relay malware via attachments with sometimes completely benign names. Attackers will also use names that entice you to open. Think before you click on that excel spreadsheet labeled “employee salaries” or the Word or PDF file named “Invoice.” This is especially difficult when you are accustomed to receiving billing statements, invoices, or other similar documents. You can protect your organization from malicious attachments with malicious email detonation chamber through Advanced Threat Protection (ATP). If we’re speaking French, contact us so we can explain. Whatever you do, remember, don’t download any attachment if you’re not expecting it.

6. Data

Things can get a bit tricky here. This part requires you to really think about the information you’re giving away. Don’t send sensitive data if you’re not 100% positive the sender is legitimate. If you’re a hedge fund, private equity firm, healthcare organization, or sell-side financial institution, nine times out of ten, your data is meant to remain confidential. We can help here, specifically as it relates to automated data classification and sensitive information protection. Don’t hesitate to contact us to learn more. (We’re big advocates of Microsoft’s Information Protection.)

7. Is it urgent?

Did someone send you an email with a subject line titled “Your company made the list for top private equity firm” with a link or attachment? Is someone requesting that you wire funds to a hedge fund right now? Attackers use time against you to make you feel as though you must act now or never. In detecting phishing attacks, slowing down your actions may be what saves you. Be suspicious of any email that is requesting or demanding immediate action.

8. Is this ordinary or abnormal?

One of the simplest methods to detect phishing attacks is predicated upon a common principle; trust but verify. If the sender does not usually ask or request for such actions, validate the request. However, if you believe this to be suspicious, a phone call is best. However, do not call the number on the email’s signature as this may have been maliciously modified.

9. Grammar

One of the more commonly overlooked aspects of email phishing detection is grammar. By no means does this signify that every phishing email contains poor grammar. However, it is a good indicator. Checking for incorrect spelling and punctuation still deserves a spot on our top 10 list. Go a step further and check for smaller clues as well. If you think you know the sender and she goes by Jen and the email is signed from Jennifer, this may be your only hint before disaster strikes.

10. What if everything seems perfect?

Things that seem too good to be true usually are. However, what if everything seems normal? Your trusted partner organization sends you an invoice for services. The email is digitally signed, email address is perfect, the link appears normal, and the attachment contains pertinent information. In some cases, even the best fall victim to phishing attacks. Slow down, remember CLAD, and practice the detection techniques in this article. If you fall victim to an attack, call us. Our Incident Response team is standing by.